Isolation mode, Apple’s answer to Pegasus

The revelations about Pegasus, the espionage system developed by NSO Group, have marked a before and after in terms of the conception we have in relation to the security and privacy of our devices. Apple has been one of the companies that has reacted with the greatest virulence, and Isolation Mode is just one of several measures taken by those in Cupertino to deal with what the company calls “state-backed mercenary spyware”, a great definition in my opinion.

This is not, as I say, Apple’s first step in this direction. Already at the end of last year, the company denounced NSO Group for spying on iPhone users through Pegasus, and with the intention of obtain a permanent court order prohibiting NSO Group from using any Apple software, service or device. A laudable, albeit complicated, goal, since only a constant external audit of NSO Group’s operations would provide a real guarantee that the company no longer uses any Apple technology.

Perhaps due to mistrust or perhaps to reinforce its commitment to the safety of its users, the company has decided to go a step further with the announcement, through a press release, of the Isolation Mode, a special mode designed specifically for those users who consider that they may be victims of this type of espionage. Isolation mode will be included in the iOS 16, iPadOS 16 and macOS Ventura operating systems, which will be rolled out by Apple in the fall, although we do not know if it will be in its first version or in a later update.

It is important to clarify, at this point, that attacks carried out with tools such as Pegasus are actions directed towards very specific people, such as heads of state, political dissidents, journalists, diplomats, big businessmen, etc. Pegasus is the best known of these services, but not the only one, and in theory its managers claim to follow irreproachable ethical codes. However, cases such as that of Jamal Khashoggi, a Saudi journalist and dissident who was assassinated in the Saudi consulate in Istanbul, and who was spied on with Pegasus, cast doubt on the level of laxity of NSO Group with said code when offering its services. .

Isolation mode, Apple's answer to Pegasus

In other words, Isolation Mode is a solution aimed at a small, very small number of users who consider themselves to be in the crosshairs and therefore fear that they may be the target of actions with Pegasus or the like. The common people, moreover, we can use it if we wish, but it is not recommendedsince the limitations of this mode are more than appreciable in the normal use of the device.

Although it is expected that more features will be added in the future, these are the protections that Isolation Mode will have, according to Apple:

  • Messages: Most types of attachments other than images are blocked. Various features, such as link preview, are also disabled.
  • Web navegation: Certain complex web technologies, such as just-in-time (JIT) compilation of JavaScript, are disabled unless the user excludes a trusted site from isolation mode.
  • apple services– Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent a request or called the initiator.
  • The wired connections with a computer or accessory are locked when iPhone is locked.
  • When isolation mode is activated, unable to install configuration profiles and the device also cannot access mobile device management (MDM).

Why precisely those protections? It is not difficult to suppose that Apple has a lot of information about how Pegasus works and the exploits it relies on. Thus, we can imagine that with these specific measures, the operation of Pegasus and other similar services will be seriously compromised on iPhones, iPads and Mac computers that can be updated to these versions of their respective operating systems. Be that as it may, this is excellent news, a step for Apple in the right direction and an example for the rest of the industry.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *